Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ktyd0Sae0urirwFX1Unus2IYJks.roa
File: Ktyd0Sae0urirwFX1Unus2IYJks.roa (raw, json)
Hash identifier: AzYzyuDWNTdsGGRfwTcqh1KKBioDBJy9dQlf4h+FNb0=
Subject key identifier: 2A:DC:9D:D1:26:9E:D2:EA:E2:AF:01:57:D5:49:EE:B3:62:18:26:4B
Certificate issuer: /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial: 0184AE06C9432A100342741BC5071DD11782
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ktyd0Sae0urirwFX1Unus2IYJks.roa
Signing time: Fri 25 Nov 2022 09:03:10 +0000
ROA not before: Fri 25 Nov 2022 09:03:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211585
IP address blocks: 166.108.218.0/23 maxlen: 24
166.108.224.0/23 maxlen: 24
166.108.232.0/23 maxlen: 24
166.108.160.0/22 maxlen: 24
166.108.168.0/22 maxlen: 24
166.108.196.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ae:06:c9:43:2a:10:03:42:74:1b:c5:07:1d:d1:17:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
Validity
Not Before: Nov 25 09:03:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2adc9dd1269ed2eae2af0157d549eeb36218264b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:db:28:51:a1:e2:1e:af:98:d0:95:ef:47:d8:
64:1e:71:de:8d:03:14:58:38:5a:0b:97:af:ff:da:
63:00:02:67:94:98:14:5a:6c:96:9f:b3:32:6a:f9:
06:cf:16:d7:ff:a3:5e:27:6f:f9:d7:40:c2:b0:66:
7c:44:8f:4b:d9:a9:6b:22:8c:3c:50:1b:e3:b3:7b:
ff:d7:11:97:7d:1f:00:69:3c:26:25:eb:8a:c2:65:
50:10:8b:d2:72:2a:92:eb:d4:ab:ae:20:f0:c9:39:
61:33:32:9c:82:20:d8:0a:c6:e0:76:cc:c7:21:08:
51:bd:15:6a:06:bc:45:91:5f:52:1c:41:22:47:fd:
ca:09:05:41:d2:01:d4:69:52:4e:c5:b7:7d:2a:79:
c2:62:ed:69:e7:15:11:1c:da:b1:e9:01:70:c2:ad:
fa:69:79:c7:45:18:82:66:7b:32:24:ce:60:53:d0:
74:df:9d:e0:19:76:72:21:46:99:99:53:ea:8b:05:
11:6e:0a:c5:b3:aa:06:df:24:04:01:e2:2b:97:b2:
98:b5:d4:09:0d:99:26:c3:92:10:57:7b:b0:cd:3f:
26:91:d7:68:47:c2:12:b0:55:77:7e:0b:63:82:fe:
c5:94:00:5d:8c:4b:ab:ca:37:86:42:40:02:37:dc:
03:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:DC:9D:D1:26:9E:D2:EA:E2:AF:01:57:D5:49:EE:B3:62:18:26:4B
X509v3 Authority Key Identifier:
keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/Ktyd0Sae0urirwFX1Unus2IYJks.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
166.108.160.0/22
166.108.168.0/22
166.108.196.0/22
166.108.218.0/23
166.108.224.0/23
166.108.232.0/23
Signature Algorithm: sha256WithRSAEncryption
1e:d9:87:21:28:b7:aa:6b:85:c5:dc:a1:00:3c:c7:b0:03:f8:
bd:eb:eb:bb:a8:15:10:aa:5d:88:15:07:f7:1d:fa:2e:ea:f9:
34:08:48:2e:42:91:28:9a:e1:3e:3f:f0:80:01:22:78:e3:db:
c8:b9:7a:bc:5f:c3:2d:10:63:fc:18:dc:65:8a:8e:b0:ff:80:
43:97:4d:5d:c6:f1:27:42:3c:7a:34:f9:20:6a:16:66:c5:4b:
f2:69:ca:55:4d:51:8a:16:2e:de:3b:5c:da:eb:fb:ae:b4:5a:
43:60:f7:85:6e:65:bc:cf:81:fe:7f:00:1d:f9:22:38:9d:19:
c0:6a:13:c5:b1:35:38:fc:f1:ba:f6:78:b7:a6:bf:5d:e8:d6:
12:5f:f8:87:c6:9d:33:bf:28:34:66:d6:d8:a5:5e:a9:da:b4:
5e:59:fe:b5:ca:15:0f:51:c2:1b:83:b6:e3:3f:65:00:7c:34:
61:20:1a:c0:9a:08:55:ca:96:df:00:6d:dd:a9:6c:6f:f0:38:
db:fd:7f:e9:d6:56:dd:05:e2:49:83:6d:31:41:74:08:1d:19:
d7:aa:9f:42:34:75:68:46:17:54:90:76:35:62:a7:bd:a9:6a:
59:24:f9:94:43:f7:06:07:3c:22:2a:f7:49:77:78:3e:a5:d6:
29:c7:f1:b4
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYSuBslDKhADQnQbxQcd0ReCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIxMTI1MDkwMzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRjOWRkMTI2OWVkMmVhZTJhZjAxNTdkNTQ5ZWViMzYyMTgyNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNsoUaHiHq+Y0JXvR9hkHnHejQMU
WDhaC5ev/9pjAAJnlJgUWmyWn7MyavkGzxbX/6NeJ2/510DCsGZ8RI9L2alrIow8
UBvjs3v/1xGXfR8AaTwmJeuKwmVQEIvSciqS69SrriDwyTlhMzKcgiDYCsbgdszH
IQhRvRVqBrxFkV9SHEEiR/3KCQVB0gHUaVJOxbd9KnnCYu1p5xURHNqx6QFwwq36
aXnHRRiCZnsyJM5gU9B0353gGXZyIUaZmVPqiwURbgrFs6oG3yQEAeIrl7KYtdQJ
DZkmw5IQV3uwzT8mkddoR8ISsFV3fgtjgv7FlABdjEuryjeGQkACN9wDTwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCrcndEmntLq4q8BV9VJ7rNiGCZLMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvS3R5ZDBTYWUwdXJpcndGWDFVbnVzMklZSmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCpmygAwQC
pmyoAwQCpmzEAwQBpmzaAwQBpmzgAwQBpmzoMA0GCSqGSIb3DQEBCwUAA4IBAQAe
2YchKLeqa4XF3KEAPMewA/i96+u7qBUQql2IFQf3Hfou6vk0CEguQpEomuE+P/CA
ASJ449vIuXq8X8MtEGP8GNxlio6w/4BDl01dxvEnQjx6NPkgahZmxUvyacpVTVGK
Fi7eO1za6/uutFpDYPeFbmW8z4H+fwAd+SI4nRnAahPFsTU4/PG69ni3pr9d6NYS
X/iHxp0zvyg0ZtbYpV6p2rReWf61yhUPUcIbg7bjP2UAfDRhIBrAmghVypbfAG3d
qWxv8Djb/X/p1lbdBeJJg20xQXQIHRnXqp9CNHVoRhdUkHY1Yqe9qWpZJPmUQ/cG
BzwiKvdJd3g+pdYpx/G0
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:16:10 2025 by rpki-client